Trac is an open source SCM (Source Code Management) and project management tool. This page documents some oddities I came across when configuring it. If I were to be more accurate I suppose the oddities are more conceptual gaps, since, like so many open source projects, the documentation is lacking (though as my co-worker Mike pointed out, I can always improve their docs if I feel the need. Problem is I couldn't - they were closed due to spam!).
Creating new users
User access (login) is not controlled from within Trac, but rather via whichever web serving mechanism Trac is configured to use. At the time of writing these are tracd, CGI, or mod_python (see Configuring Authentication from the Trac Installation Guide.)
I am only familiar with the mod_python approach, described in the Trac and mod_python section of Trac's installation guide. Users are controlled via a .htaccess file, so a new user is added to Trac by adding a new user to the .htaccess file. Unfortunately their guide fails to describe how to do this, but I've described it here: Edit the Apache .htpasswd authentication file.
Login/out oddity
If you are using apache authentication (e.g. if you installed Trac with mod_python) then Trac's login link will point at an apache login form. Once authenticated, your session will remain until the browser is closed. This means you are logged in regardless of whether the Trac link says login or logout.
The symptoms are as follows: You click login, log in as someuser, then click the logout link. Trac says you're logged out (though as we'll see you aren't really). Click login again and you'll be automatically logged in as someuser. The only way you can log in as a different user is to close your browser so the session is destroyed. This is because apache authentication is controlling login, not Trac.
trac-admin permission oddity
The trac-admin command allows you to grant users permissions for different tasks. If you ask it to list the permissions assigned to a user that does not exist - with trac-admin [/path/to/trac] permission list [username] - you'll see the default permissions but no indication that the user doesn't exist. This is probably because a) Trac doesn't really have users because access is controlled via whatever web serving mechanism it's using (see above) and b) Trac assigns the permissions of the "anonymous" user to every user who hasn't had their permissions explicitely changed.
Here's an example of what you get when you query the permissions of a user that doesn't exist.
devbox source # trac-admin /var/lib/trac/source permission list nonexistantuser
User Action
--------------------------------
BROWSER_VIEW nonexistantuser
CHANGESET_VIEW nonexistantuser
FILE_VIEW nonexistantuser
LOG_VIEW nonexistantuser
MILESTONE_VIEW nonexistantuser
REPORT_SQL_VIEW nonexistantuser
REPORT_VIEW nonexistantuser
ROADMAP_VIEW nonexistantuser
SEARCH_VIEW nonexistantuser
TICKET_APPEND nonexistantuser
TICKET_CHGPROP nonexistantuser
TICKET_CREATE nonexistantuser
TICKET_MODIFY nonexistantuser
TICKET_VIEW nonexistantuser
TIMELINE_VIEW nonexistantuser
WIKI_CREATE nonexistantuser
WIKI_MODIFY nonexistantuser
WIKI_VIEW nonexistantuser
Available actions:
BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW,
MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY,
MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY,
REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW,
TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY,
TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE,
WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW